Threat Modeling, Trust Modeling, and Development of Secure Platform in Cloud Environments
Comprehensive study of threats, their operational architecture, and adoption of threat modeling for their classification, form the foundation for development of secure technologies for cloud. Cloud platforms today assist providers in controlling and managing the customer VMs. In addition, they also help monitor and manage cloud performance.
One of the biggest concerns of adopting cloud services is the inability to track any malicious insider threats. There are no security layers built within any available hypervisor that will ensure that tenants have the right to specify rules that can define how the data hosted at the provider’s end can be accessed. This work involved development of a Security Enabled Data Object (SEDO) layer that ensures security of valuable assets hosted at the provider’s infrastructure and also provides real-time updates to data owners, thus resolving the concern regarding lack of asset control for the cloud tenant.
Currently a highly scalable, secure, resilient, and easily deployable cloud platform is also being built embedding SEDO layer into it. Such a platform will enhance the visibility of the cloud operations, so that the cloud as a whole can be managed and monitored as a single unit despite being distributed. Individual cloud consumers are also given transparency into the cloud insides through enhanced visibility in terms of usage of the cloud and its resources. Above all, their assets and the actions performed on them are also monitored based on the rules defined in the secure SEDO layer.
This work also involves development of formal models of trust in Cloud Computing. Trust is based on three elements: Expected things, Belief, and Willingness to take risk. Trust formalisation will include logical and quantitative approaches to modeling. In cloud environments, these models will help both the providers and consumers thwart threats and provide increased levels of trustworthiness.